Incident workflow configuration example

Navigate to Correlate & Automate > Workflow Engine, click the Incident Workflows tab, and then click Add Workflow. A new workflow appears with a single Trigger element.

The first step is to determine which incidents will trigger the workflow. In this example scenario, the workflow should look for a value in tags.collector, which could be present when the incident is first created, or it could appear some point during an incident when additional alerts are added. The incident trigger allows you to choose from three scenarios to apply a workflow to an incident: New or changed incidents, New incidents only, or Changed incidents only. Because the tag value could get added at any time, select New or changed incidents for the trigger.

For more information on using tags, see Use custom tags to identify alerts and incidents.

The filter portion of the trigger is optional for incidents, but since this workflow only applies to incidents where mongodb is a value in tags.collector, use this filter:

tags.collector in (mongodb)

The first task is to copy mongodb to the services field, so a Set Service action needs to be added to the workflow.

To do this, click Add Action. Select the Set Service action from the list and click Add Selected Action.

This image shows how the action is configured to add the service name to the services field. In case there could be other service names you want to preserve in the services field, simply add it to the list instead of overwriting it.

The next workflow task is to assign the incident to the Database support team.

To do this, click Add Action. Select the Assign action from the list and click Add Selected Action.

The image shows the action configured to assign the incident to the Database support team.

NOTE: To use groups or user assignments in an action, those users or groups must already be present in Moogsoft Cloud. See User Groups overview for more information.

The next workflow task identifies the incidents affecting the MongoDB service which are critical.

Here, you add a Filter action. Click Add Action. Select the Filter action from the list and click Add Selected Action.

The image shows the Filter action configured to pass along only those incidents which have a severity of critical to the next action in this workflow. Incidents which do not have a severity of critical are not processed any further and move on to the next workflow.

Now the the workflow has filtered out the incidents that are critical, you can add another Assign action to assign them to Engineering.

Add a second Assign action by clicking Add Action. Select the Assign action from the list and click Add Selected Action.

The image shows the Assign action configured to assign the incidents which passed through the filter to Engineering.

NOTE: Here, the incident gets assigned to both the Database support team and Engineering. If it were only assigned to Engineering, this assignment would replace the earlier one.

The necessary steps are now complete, so the next task is to test the workflow to make sure it functions as desired.

To test the workflow, scroll down to the bottom of the page and drag the Workflow Tester section upward so the settings are visible. Click Add Test Field.

For this example, you only need to configure one field, tags.collector, which has an input value of mongodb.

Clicking Run Test shows how the workflow updates the incident:

However, the test does not show the second assignment. To do this, add a second test field: severity. Set the value to critical and run the test again. Now the filter action and the second Assign action also display.

The workflow functions as intended, so it can be enabled.